Subject: Re: [secure@FREEBSD.LUBLIN.PL: FreeBSD (and other BSDs?) local root explot]
To: Todd C. Miller <>
From: Bill Sommerfeld <>
List: tech-security
Date: 08/27/1999 10:57:54
cc: Manuel Bouyer <>,
In-Reply-To: Message from "Todd C. Miller" <> 
   of "Fri, 27 Aug 1999 08:46:37 MDT." <> 
Date: Fri, 27 Aug 1999 10:57:54 -0400

I think coredumps through symlinks are dangerous in general and should
just be disabled.

IMHO what the folks creating symlinks to not send their coredumps into
NFS "really" want is a per-process inherited attribute which I'll call
the "core filename format".

Currently it's "%n.core"

Reasonable things might be:

	format chars:
		n:	program name
		p:	process id
		u:	user login name (as set by setlogin(2)), ...

Implementing this seems like a reasonable afternoon project and
doesn't seem fraught with risk like the "check owner of symlink" thing
would be.

				- Bill
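
Added example, not part of the message above and not code from any BSD kernel: a userland C sketch of expanding the proposed "core filename format" with the three format chars listed (n, p, u). The function name `expand_corename`, the `%%` escape, and the rejection of substituted values containing '/' are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Append src to out at *pos; fail rather than silently truncate. */
static int put(char *out, size_t outlen, size_t *pos, const char *src)
{
    size_t n = strlen(src);
    if (n >= outlen - *pos)
        return -1;
    memcpy(out + *pos, src, n);
    *pos += n;
    out[*pos] = '\0';
    return 0;
}

/*
 * Expand a core filename format (hypothetical helper).
 * %n = program name, %p = process id, %u = login name, %% = literal '%'.
 * Returns 0 on success; -1 on overflow, an unknown format char, or a
 * substituted value containing '/' (assumption: substituted values must
 * not add path components that the format itself did not spell out).
 */
int expand_corename(const char *fmt, const char *prog, pid_t pid,
                    const char *login, char *out, size_t outlen)
{
    char num[32], lit[2] = {0, 0};
    size_t pos = 0;
    if (outlen == 0)
        return -1;
    out[0] = '\0';
    for (; *fmt != '\0'; fmt++) {
        const char *val = lit;
        if (*fmt != '%') {
            lit[0] = *fmt;
        } else {
            switch (*++fmt) {
            case 'n': val = prog; break;
            case 'u': val = login; break;
            case 'p': snprintf(num, sizeof num, "%ld", (long)pid); val = num; break;
            case '%': lit[0] = '%'; break;
            default:  return -1;   /* also catches a trailing lone '%' */
            }
            if (val != lit && strchr(val, '/') != NULL)
                return -1;
        }
        if (put(out, outlen, &pos, val) != 0)
            return -1;
    }
    return 0;
}
```
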